PCI DSS COMPLIANCE

Security for your customers and your business

PCI DSS (Payment Card Industry Data Security Standard)

It is the product of the work of the PCI Security Standards Council (PCI SSC), which is formed by the main payment card issuers (Visa, Mastercard, American Express, JCB and Discover).

PCI DSS helps merchants, service providers and banks reduce the risk of cardholder data leakage by protecting the critical infrastructure (every element involved in the ecosystem) that processes, transmits or stores any data related to payment cards.

Any organisation involved in the processing, transmission or storage of payment card information must comply with the PCI DSS requirements in order to protect its customers' card data.

Benefits

Achieving PCI DSS certification brings you many benefits:

  1. Strengthening the security of other processes and payment methods: the PCI DSS requirements cut across the whole organization and help protect, for example, PES transfers, payments and B2B operations.
  2. Protection of the reputation and image of the business: a compromise of card information has consequences for the reputation and image of the brand. PCI DSS helps protect the brand from possible incidents.
  3. Risk reduction by implementing controls that mitigate the risk of a possible data leak.
  4. Increased customer confidence: PCI DSS compliance is a letter of introduction to the card payments industry, which builds trust with customers and with the ecosystem in general.
  5. Creation of a security culture in the organization.

Services

How do we do it?

1. Compliance and definition of scope:

Don't wait for something to break; do it right from the start. It is always best to anticipate and identify opportunities to implement better processes, methodologies and technologies in security for your customers and your business.

The first step toward PCI DSS compliance is to perform an analysis that identifies which system components within the organization (applications, databases, servers, network equipment, etc.) are involved in the processing, storage and/or transmission of card data.

Application Security

2. Flow mapping

This service allows you to identify the environments in which cardholder data is present in your organization, in order to optimize the scope of your PCI DSS certification.

This is achieved by identifying the processes or flows that store, process or transmit card data, depending on the role the entity plays in the payment card industry.

3. Inventories

Identify the system components involved in the cardholder data environment.

4. Network segments

Identify the network segments involved in the cardholder data environment and those connected to the CDE (cardholder data environment), with the aim of defining strategies to reduce scope at the network level and the controls required to isolate the cardholder data environment.

5. Identification of service providers and responsibility matrix

This step lists the service providers with which card information is shared, or that affect the security of the cardholder data environment, and identifies which controls are the responsibility of the provider and which are the responsibility of the organization.

6. Retention tables

These describe the repositories that contain PAN (Primary Account Number) card data, with their respective location, protection method, retention period and destruction method.


7. GAP

Or gap analysis, whatever you call it. It is the step an organization needs to take to know its compliance status, comparing current practices against the requirements of the PCI DSS security standard by performing a gap analysis.

It provides a detailed comparison of what your organization is currently doing, identifying the areas of non-compliance that require remediation before formal validation of compliance with the standard.

To make a correct analysis of gaps, we use the following methodology:

1. Start
2. Definition of scope
3. Planning of interviews
4. Interviews by requirement
5. Analysis of results
6. Consolidation
7. GAP report
8. Close

8. Plan of Action

Based on the GAP findings, we validate the action plan for closing the gaps, providing support and follow-up throughout the process.

We support the closing of findings with an objective approach, because our services do not compromise our independence of judgment as a QSA organization.

9. Evaluation of compliance

Some organizations excel at compliance evaluation and others don't: which do you want to be?

Those that stand out focus their efforts on defining controls to protect cardholder data and/or sensitive authentication data during processing, storage and/or transmission.

The evaluation focuses on validating whether the processes that store, process or transmit card data comply with the PCI DSS requirements.


Our Methodology

  • Start
  • Validation of scope
  • Evidence gathering
  • Planning of the on-site assessment
  • Performing the on-site evaluation
  • Generating the ROC and AOC
  • Close

This is what you must DO in your organization to comply with the applicable PCI DSS requirements:

Compliance monitoring

We support the organization in monitoring its compliance, so that the PCI DSS controls are carried out as part of business-as-usual (BAU) activities, using quarterly validations.

SAQ compliance verification

We support merchants and service providers in validating compliance through the SAQ (Self-Assessment Questionnaire), including guidance on scope definition, diagnosis, action plan and validation of the applicable PCI DSS requirements.

Compliance by third parties

We support organizations in validating their service providers or third parties, identifying the requirements of the standard that apply to them according to the services they provide, and verifying their compliance.

Project management

We align with your organization's project management so that the PCI DSS scope allows us to fulfill its purpose and contribute value to your organization.

Contact us

Start your PCI DSS compliance assessment NOW and begin protecting your customers' data.